How safe is your Automated Teller Machine (ATM) card?
That is the big question pre-occupying the minds of thousands of commercial bank clients, who have been stunned to hear reports of several people whose accounts have been mysteriously emptied.
Cyber criminals are on the prowl, especially in Dar es Salaam and other big cities, targeting personal accounts from which they have reportedly siphoned millions of shillings.

The arrest in Dar es Salaam of two Bulgarian nationals, who police say had stolen a whopping Sh70 million in illegal ATM transactions from various accounts around the city, has heightened fears that high-tech thieves, some from faraway countries, may have infiltrated the country.

Dar es Salaam Special Police Zone Commander Suleiman Kova told a press conference yesterday that the Bulgarians were arrested on Saturday in a sting operation by his officers.

The suspects fell into a trap that was set up following mounting complaints by bank account holders that they were losing their savings in unauthorised ATM withdrawals.

Their arrests, Mr Kova said, were a major breakthrough in the fight against criminals targeting countries like Tanzania, which have inferior technological expertise.

&#65533;The suspects fell for our trap and were arrested while scouring an ATM in the city, where we had stationed a detective posing as a cleaner. On inspection, they were found with a special device that they had used to discreetly record people&#65533;s Personal Identification Numbers (PIN),&#65533; said Mr Kova.

The numbers, he added, were then copied and used later to empty the accounts.
He said the two suspects were found with five Barclays and Stanbic ATM cards and illegal equipment.

He said the suspects would appear in court once the investigation is completed.

The arrest of the Bulgarians comes at time when international organisations and diplomatic missions have been circulating reports to staff and visitors, warning them against using ATM cards while in Tanzania.

The warnings were first issued by the United States Embassy in Dar es Salaam two weeks ago, after several staff members reported the suspect withdrawal of funds from their accounts.

A notice by the embassy on the ATM fraud indicated that most of the illegal withdrawals originated from Nairobi, but after the account holders used their cards in Dar es Salaam.

The embassy said the losses &#65533;have been significant&#65533; and &#65533;we are not alone, apparently, as others in the diplomatic and business communities have also been victimised".

The notice added: "We are unsure of the method that the perpetrators are using. Therefore, we must assume that all ATMs in Tanzania are potentially compromised. We strongly recommend that you check your accounts and determine if any unusual withdrawals have occurred.&#65533;&#65533;

The European Union, which hosted a civil society meeting last week in Dar es Salaam drawing participants from the larger East Africa region, also cautioned the delegates against using ATMs.

Even though officials in the Bank of Tanzania (BoT) and at least one local bank had played down the issue, the arrest of the Bulgarians will be a big boost to efforts to restore the confidence of card holders, especially those with inter-bank Visa cards that were most affected.

BoT's senior economist in the directorate of national payment system, Mr Alli Liyau, assured bank customers that ATMs were still safe and preferred for transactions. However, he advised the commercial banks to raise their vigilance.
The Chief Commercial Officer of the National Microfinance Bank (NMB), Mr Bas Nierop, was quoted in the media, as saying that his bank was not been affected since it was not connected to the Visa network.

The head of the police economic sabotage and money laundering unit, Mr Samson Kusala, said they were fully prepared to tackle cyber crime.

Recently, Mr Kusala, who is the deputy Director of Criminal Investigations, admitted that organised cyber crimes were on the increase and called for concerted efforts between the private and public sectors to eradicate it.

During the presentation of the donation, the organisation&#65533;s chairman, Mr Ali Mufuruki, said the training was meant to equip the investigators with the necessary expertise to monitor and curtail the negative effects of cyber crime on national development and security. Mr Mufuruki is also the chairman of Mwananchi Communications Ltd.

The BoT has also formed a Financial Intelligence Unit to fight the new crime that has been spurred by the rapid expansion of Internet use across the world.

Local banks have also been victims of internal hacking, normally in collusion between workers and criminals through which billions of shillings has been stolen.

There are ways to hack into them like:
-Reverse Engineering ,
Tempering with the correct electric frequency ,
using acid to burn of the protective layers till you get through the databus (which you can probe) and the list goes on and on ....

But my point is it is not as easy as swiping it into some magnetic copier and duplicating it you see.

Also keep in mind that there are companies out there whose sole job is to design mechanisms so that you cant get to probe the databus.
(e.g of one mechanism is to include acid in the protective layer so that when you temper with the smart card chip the acid destroys whatever information is in the chip